Tuesday, June 25, 2013

Oracle
has prolonged its data center fabric to its Sparc-based Unix
platforms, promising to let enterprises tie more servers and
applications into the high-speed infrastructure which give
users faster access to critical apps.

Data
center fabrics are designed to make infrastructures more scalable,
dynamic and flexible by tying together the various resources in the
data center, which is increasingly important, given the rapid growth
of such technologies as cloud computing and virtualization, as well
as such trends as mobile computing and bring your own device (BYOD)
and the rising demand for faster application performance.

Oracle
Virtual Networking support to its Sparc T5, T4 and M5 servers and for
the Oracle Solaris 11 OS on both Sparc and x86 hardware. It saves IT
departments from having to install multiple network interface cards
and host bus adapters in its physical servers, while tying together
the resources in the data center at speeds up to 80Gbps (bits per
second).The fabric supports a range of operating systems, including
Oracle Solaris, Oracle Linux and Microsoft's Windows, and
virtualization platforms, such as Oracle VM, VMware and Microsoft's
Hyper-V.

"The good news is that
OpenSuse 12.3 RC2 can boot perfectly with Secure Boot enabled in our
UEFI firmware," he added.

The E17 desktop

Anyone who has ever checked
out Bodhi Linux has already seen the beautiful E17, or
"Englightenment," desktop, and that's now offered in
OpenSuse 12.3 as well. Also now included are the Sawfish and Awesome
window managers.

Tuesday, June 18, 2013

Regardlessof
the buzz, JavaScript manages only a 10th place showing in index,
while C holds top place

JavaScript,
while possibly the language with the most buzz these days, however
continues to score comparatively low in the index of popular
programming languages. But the popular Web development language
crawled back into the top 10 in the index.

Ranked
10th, JavaScript turns up in just 1.64 % of Internet searches used to
compile. It is still a bit of a miracle why this universal
language is not yet part of the top 5. JavaScript
is the glue of client-side Web page programming now
a days. But JavaScript is presently booming its application domain.
Node.js
has made JavaScript a server-side programming language
and the amount of JavaScript-based games (mostly browser-based) is
increasing.

I
can't find any credible reason for the relatively low score of
JavaScript. JavaScript is never or barely ever used as a standalone
language. It is always the supporter language of a system that is
programmed in something else. For example - server-side Java or PHP
and client-side a bit of JavaScript.Still,
JavaScript bears threats such as being regarded as a language in
which it is simple to make mistakes. This is why Google
has highly-developed Dart,
presently hierarchic 80th in terms of popularity and a possible
JavaScript successor. In the meantime, other languages, such as
CoffeeScript and TypeScript, were designed to create JavaScript code
instead of writing it manually.

Friday, June 14, 2013

Oracle
plans to make changes to strengthen the security of Java, including
fixing its certificate revocation checking feature, preventing
unsigned applets from being executed by default and adding
centralized management options with whitelisting capabilities for
enterprise environments. These
changes, along with other security-related efforts, are intended to
"decrease the exploitability and severity of potential Java
vulnerabilities in the desktop environment and provide additional
security protections for Java operating in the server environment.

The development team has expanded the use of automated security testing
tools, facilitating regular coverage over large sections of Java
platform code. The team worked with Oracle's primary provider of
source code analysis services to make these tools more effective in
the Java environment and also developed so-called "fuzzing"
analysis tools to weed out certain types of vulnerabilities.

The
apparent lack of proper source code security reviews and quality
assurance testing for Java 7 was one
of the criticisms brought by security researchers in light
of the large number of critical vulnerabilities that were found in
the platform.The
changes were meant to discourage the execution of unsigned or
self-signed applets. "In the near future, by default, Java will
no longer allow the execution of self-signed or unsigned code."

Such
default behavior makes sense from a security standpoint considering
that most Java exploits are delivered as unsigned Java applets.
However, there have been cases of digitally
signed Java exploits being used in the
past and security researchers expect their number to increase. Because
of this it's important for the Java client to be able to check in
real time the validity of digital certificates that were used to sign
applets. At the moment Java supports certificate revocation checking
through both certificate revocation lists (CRLs) and the Online
Certificate Status Protocol (OCSP), but this feature is disabled by
default.

Oracle
is making improvements to standardized revocation services to enable
them by default in a future release. Unlike most home users, many
organizations can't afford to disable the Java browser plug-in
because they need it to access Web-based business-critical
applications created in Java.Local Security Policy features will soon be added to Java and system
administrators will gain additional control over security policy
settings during Java installation and deployment of Java. Even though
the recent Java security issues have generally only impacted Java
running inside browsers, the public coverage of them has also caused
concern among organizations that use Java on servers.As a result, the
company has already started to separate Java client from server
distributions with the release of the Server JRE (Java Runtime
Environment) for Java 7 Update 21 that doesn't contain the browser
plug-in.

GeoNames:- GeoNames turns strings of characters into
latitudes and longitudes. The database includes both geographic
names and political entities.

FlightStats
:- FlightStats tracks the thousands of
planes moving through the air, watching for the delays and
reroutings that can scuttle plans. The API can answer whether a
flight is on time, canceled, or being sent to a different airport.

FollowTheMoney :-
Follow the money has been used several times in investigative
journalism and political debate. One example is Follow the Money, a
series of CBS reports. You Search by state, year, candidate, party,
office, and many other fields. Content is available under a Creative
Commons license and is not to be used for commercial purposes.

USA.gov
:- The world is full of fakes, and the
social media world does not reflect the very best. This is why the
U.S. government created a definitive list of official social media
accounts.

StockTwits:- StockTwits is a collection of words
written about the stocks. The API offers a wide range of open and
premier queries on the stocks, forex, and bonds.

Yahoo
Content Analysis :- The API requires use of
Yahoo Query Language and is limited to 5,000 queries a day for
noncommercial purposes.

Moodstocks
:- Moodstocks offers a full-featured library
for iOS and Android developers, as well as tools for uploading
images to the server that performs all computational matching.

MusixMatch
:- MusixMatch offers an API with basic
searching, as well as a PHP library, an Android plug-in, Perl, Ruby,
and more.

OpenStreetMap
:- OpenStreetMap offer an API for editing
the map data and another one for displaying the data in a Web page.
Not only are you encouraged to use their map data, you're welcome to
add to their collection.

Panoramio
:- Panoramio offers an API for searching
geo-linked photos along with a widget for displaying them.

3D
Geo Stats :- 3D Geo Stats is like the
classic map API, but the data is drawn on top of a 3D globe in a
Flex component.

New York Public Library:- Sure you could
travel to New York and enjoy a Broadway show on the side, but it's
cheaper and faster to just browse the stacks of the New York Public
Library through its API.

Thursday, June 13, 2013

No more support for IE
6/7/8 : Remember
that this can also affect IE9 and even IE10 if they are used in
their “Compatibility View” modes that emulate older versions. To
prevent these newer IE versions from slipping back into prehistoric
modes, you have always use an X-UA-Compatible tag or HTTP header. If
you can use the HTTP header it is slightly better for performance
because it avoids a potential browser parser restart.

Reduced size:
The final 2.0.0 file is 12 percent smaller than the 1.9.1 file. You
can now exclude combinations of 12 different modules to create a
custom version that is even smaller.

Custom builds for even
smaller files: This
feature has been greatly refined and extended since its debut in
jQuery 1.8. A new minimal selector engine, basically a thin wrapper
around the browser’s querySelectorAll
API, lets you shrink the build to less than 10KB when minified and
gzipped.

jQuery 1.9 API
equivalence: jQuery
2.0 is API-compatible with 1.9, which means that all of the changes
documented in the jQuery 1.9 Upgrade Guide have been applied to
jQuery 2.0 as well. If you haven’t yet upgraded to jQuery 1.9, you
may want to try that first. Be sure to use the jQuery Migrate
plugin.

How
to Use It

jQuery 2.0 is intended for the
modern web; we’ve got jQuery 1.x to handle older browsers and fully
expect to support it for several more years. If you want, you can
serve 2.0 to newer browsers and 1.9 to older ones using our
conditional comment trick, but that is not
required. The simplest way to support older browsers is to use jQuery
1.x on your site, since it works for all browsers.

With the release of jQuery
2.0, there are a few environments where the jQuery will no longer
support use of the 1.x line because 2.x is a far better choice. These
are typically non-web-site scenarios where support for older IE isn’t
relevant. They include:

Dropbox announced that it has acquired email app Mailbox . Like
many of you, when we discovered Mailbox we fell in love-it was
simple, delightful, and beautifully engineered,"

One reason Dropbox may have been interested in Mailbox is because
people often use Dropbox instead of attaching large files to emails.
Gmail recently rolled out a feature that lets users attach files to
emails seamlessly using Google Drive, which arguably reduces the
usefulness of Dropbox since you have to visit another site to access
your files.

While there are no signs that Dropbox will announce its
own email service, receiving Dropbox attachments inside messages from
Mailbox users could be both smart and easy marketing.

Or maybe Dropbox is just eager to bring new, design-focused,
cloud-centric companies into the fold. The developer says that 60
million emails are going in and out per day, and the company’s
service capacity has grown 2,000x.

Wednesday, June 12, 2013

HTML5
is the latest version of Hypertext Markup Language. It’s very easy
to learn even for a beginner. The interest about HTML5 is increasing
day by day and the number of web professionals adopting this
technology is also increasing rapidly. HTML5 also reduces the use of
scripting languages and it’s more SEO
friendly. HTML5 use in Web applications to run on a variety of
devices, including tablets, mobile phones, and laptops with
touchscreens.

Most Developers Now Prefer HTML5 For
Cross-Platform Development :- Now a days
most of developers prefer to work with HTML5 instead of native apps
for their cross-platform development. Only 15% of developers said
they would prefer to use a native-only approach. Mostly developers
said they were interested in developing for Windows 8 (66%) and
ChromeOS (47%), in Blackberry 10 (13%) and Tizen (8%).

HTML5 application caught up to native, or not
:- When we build an HTML5 app, we can't build it like you build a
Web page. If you treat it like a Web page, you're going to have slow
performance. You have to treat it like a programming platform.
That's where our framework comes in, which is you treat the browser
as a rendering platform but create all your user interface and all
your app logic in JavaScript. That allows you to dynamically add and
subtract screen elements on the fly and get much, much better
performance. HTML5 is better for native performance for Android and
iOS.

Programming HTML5 Applications
:- Building Powerful Cross-Platform Environments in JavaScript :
HTML5 is not just a replacement for plugins. It also makes the Web a
first-class development environment by giving JavaScript programmers
a solid foundation for building industrial-strength applications.
This practical guide takes you beyond simple site creation and shows
you how to build self-contained HTML5 applications that can run on
mobile devices and compete with desktop apps.

HTML5 for mobile developers
:- HTML5 specification coming to fruition, browser-based mobile apps
are rapidly catching up with the natives. It's really the iPad as
the tablet device; on phones, it's BlackBerry phones, a little bit
of Windows Phone, and iOS and Android. That's the trend for
everything.HTML5 has some key specifications from which mobile Web
apps can benefit. Here are few note worthy ones :-

Software engineers spend more time on administration and other tasks than they do on actual application design and coding.

In the
survey, design and coding take up more hours than any other single
process in a software development project: an average of 19.1 hours
per week. Brainstorming and collaboration take up 6.7 hours.
Administrative tasks, such as dealing with email and meetings, take
up 5.8 hours. Software engineers spend 3.7 hours waiting for tests
to complete, 3.5 hours waiting for builds to
complete, and 2.7 hours on environment management -- or 9.9 hours in
total for these housekeeping functions. Collectively, all the
non-design and non-coding tasks take up 22.4 hours per week out of
the 41.5 hours worked in total.

The survey also polled others involved in the software development processes, including test engineers, technical architects, project managers/test leads, and product managers.

Friday, June 7, 2013

Ninety-nine percent of
applications have one or more vulnerabilities. Many of the
high-profile data breaches over the past several months were the
result of a common Web application vulnerability. While it may be
impossible to eliminate all flaws in Web applications, software
security experts say eliminating the most commonly targeted errors
could help magnify the risk of many automated attacks. These are the
following points :-

1. Cross
site scripting bother continues

Cross
site scripting vulnerabilities appear 61 percent
& it is the most commonly detected vulnerabilities in Web
applications. It enables an attacker to send malicious scripts by
shifting the script from an otherwise trusted URL.They can be
detected with a Web application security scanner or blocked using a
Web application firewall.

2.
Information leakage errors a serious threat

Information
leakage accounted for only 17 percent of Web applications,
but the danger posed by the vulnerability makes finding and
eliminating them extremely critical. Web applications can leak
information in a kind of ways. Poorly implemented encryption also
can yield information to an attacker.3.
Session management most common error

Session
management vulnerabilities were detected in 80 percent of
applications, more than any other
application vulnerability class. Attackers can take advantage of
poorly implemented session management, enabling them to interject
themselves as valid website users. 4.
SQL injection rising

SQL
injection accounted for 16 percent of all Web applications. While
all other classes of vulnerabilities saw declines in but SQL
injection has risen. SQL
injection is a favorite vulnerability of attackers because automated
scripts can be used to get a website to send a malicious SQL command
to the underlying database in an effort to expose its content.

Cross Site
Request Forgery (CSRF) accounted for 22 percent of all Web
applications tested. The class of vulnerabilities that make up CSRF allows attackers to send per-authenticated but unauthorized commands using credentials that the application trusts. Attackers can use a CSRF attack to ride the session of an individual on a particular website by using the victim’s browser credentials. In addition to the browser, an attacker can use a malicious script in a Microsoft Office document or Flash file that exploits CSRF.

The BIND software maintainers support server
administrators to disable regular expression support or install
patches as soon as possible.

BIND is by far the most widely used DNS (Domain Name System)
server software on the Internet. It is the de facto standard DNS
software for many UNIX-like systems, including Linux, Solaris,
various BSD variants and Mac OS X. A flaw in the widely used BIND DNS
software can be exploited by remote attackers to crash DNS servers
and affect the operation of other programs running on the same
machines.

The vulnerability can be exploited by sending specifically crafted
requests to vulnerable installations of BIND that would cause the DNS
server process -- the name daemon, known as "named" -- to
consume excessive memory resources. This can result in the DNS server
process crashing and the operation of other programs being severely
affected. BIND 10 is not affected by this vulnerability.

Thursday, June 6, 2013

Oracle has refreshed its SPARC
family with the world’s fastest processor and launched the world’s
fastest single server for Database, Java and multi-tier applications.

Oracle also announced two new Oracle
Optimized Solutions that exploit the performance, reliability and
value of SPARC T5 servers, Oracle storage, Oracle Database and Oracle Middle ware. These new solutions help maximize application performance
and availability while lowering acquisition cost and operating
expenses.

Servers built with
Oracle's new T5 microprocessors have beaten several performance
records and run business databases and applications much faster than
previous versions.

When Oracle bought
Sun, a lot of people thought the SPARC microprocessor was a real
laggard and would never catch up. We've done better than catch up.

It Companies and respective developers alike are
heavily leveraging API-based access to data and services, especially
for mobile and cloud apps. And they're getting an increasing scope of
technologies to choose from for managing all those API processes.

In some ways, API management is a follow-up to
service-oriented architecture (SOA), an approach to modular,
orchestrated software delivery that was the "it" enterprise
technology in the mid-2000s but later fell out of favor as too
academic and abstract for businesses paying the software architecture
bills. Nonetheless, SOA's principles remain as valid as ever and have
continued to be used -- especially in cloud offerings -- even as few
vendors and developers dare speak the term.

Because of the proliferation of API-enabled data
access from corporate applications via mobile devices, lighter-weight
REST-based APIs are gaining prominence over more-complex SOAP APIs.
API management vendors such as WSO2 and Layer 7 have thus added REST
support in their tools.

Monday, June 3, 2013

Experts
say the language should crib app isolation, locality, and automated
parallelism from more modern sources.

Java and its linchpin JVM (Java Virtual
Machine) still have much room to get better even after debuting 18
years ago, say experts who would like improvements in such areas as
locality, application isolation, and parallel operations.

The JVM, which has provided a mechanism
to run Java applications on multiple hardware platforms, could be
fitted with capabilities similar to the C language's struct feature,
providing benefits in locality by improving linkage between memory
and processors. "[Struct] gives advantages in the area of
footprint," and provides a lightweight object with fields and no
methods.

Java and mobile applications in
particular, meanwhile, could benefit from Google Android's "failsafe"
capabilities enabling application isolation Automated parallel operations for the
Java language and runtime are desirable. Lambda capabilities in Java
Standard Edition 8 bring this closer to happening via an API, but it
would like to see parallelism go a step further. "Ideally, what
you'd like to be able to have is a language and a run time that you
don't have to express it explicitly. It just figures this out
automatically."